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DETAILED ACTION 

1 . This action is response to communication: RCE filed on 04/30/2009. 

2. Claims 1-7 and 14-23 are currently pending in this application. Claims 1 and 14 
are independent claims. Claims 8-13 have been cancelled. 

3. No IDS was received for this application. 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
04/30/2009 has been entered. 

Response to Arguments 

5. Applicant's arguments filed 04/30/2009 have been fully considered but they are 
moot in view of new ground(s) of rejection 

Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 
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7. Claims 1-7 are rejected under 35 U.S.C. 101 based on Supreme Court precedent 
and recent Federal Circuit decisions, a 35 U.S.C § 101 process must (1) be tied to a 
particular machine or (2) transform underlying subject matter (such as an article or 
materials) to a different state or thing, in re Bilski et al, 88 USPQ 2d 1385 CAFC 
(2008); Diamond v. Diehr, 450 U.S. 175, 184 (1981); Parker v. Flook, 437 U.S. 584, 588 
n.9 (1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); Cochrane v. Deener, 94 U.S. 
780,787-88 (1876). 

An example of a method claim that would not qualify as a statutory process 
would be a claim that recited purely mental steps. Thus, to qualify as a § 101 statutory 
process, the claim should positively recite the particular machine to which it is tied, for 
example by identifying the apparatus that accomplishes the method steps, or positively 
recite the subject matter that is being transformed, for example by identifying the 
material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine and do not 
perform a transformation. For example, the applicants do not claim what machine is 
performing steps a-e. Further, as seen in D, the steps seem to be performed by a 
human. 

The mere recitation of the machine in the preamble with an absence of a 
machine in the body of the claim fails to make the claim statutory under 35 USC 101 . 
Note the Board of Patent Appeals Informative Opinion Ex parte Langemyeret al. 



Claim Rejections - 35 USC §112 
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8. The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 1-7 and 14-23 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. 

As per claims 1-7 and 14-23, the claim recites a smart card having a convention 
ISO 7816 six pad array. However, this is not provided in the applicant's specification. 
The specification only claims a smart card which is compliant with ISO 7816 standards 
which can be used in existing card readers. Further, the claims recite producing an 
identification sequence on one otherwise unused pad. This is not described in the 
applicant's specification. Also, the claim recites connecting to an IVR server by dialing 
an appropriate number. This is also not taught by the applicant's specification. 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 1-7 and 14-23 rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 
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As per claims 1-7 and 14-23, the independent claims recite producing an 
identification sequence on one otherwise unused pad. It is unclear what the applicant 
means by an otherwise unused pad, as it is not even describe din the specification 



Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 1,14, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Landry et al US Patent No. 6,687,350 (hereinafter Landry), in view of Hohle US 
Patent No. 6,199,762 (hereinafter Hohle, and further in view of Barber US Patent No. 
3,81 1 ,01 2 (hereinafter Barber). 

As per claim 1 , Landry teaches a method for a second operation of 
authenticating a user and securing an online transaction over a telephone, comprising: 
providing a connector connecting a smart card to a telephone (Figure 2 item 30, with the 
analogue front-end unit; col. 5 lines 20-35); transmitting from the smart card at least an 
identification sequence for the user to an IRV server connected to a telephone line in 
the form of a modulated signal (col. 10 lines 25-30; col. 5 lines 1-22; col. 6 lines 5-29; 
Figures 2,3; also col. 5 lines 13-35, wherein the signal is modulated as it goes through 
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modem 26); demodulating the identification sequence at the IVR server (It is inherent 
that the signal is demodulated, as a modulated signal must be demodulated in order for 
the data to be useful and processed; also occurs at the IVR server (col. 5 lines 1-10) ); 
and authenticating the user and the transaction at an application server receiving the 
demodulated identification sequence from the IVR server over a communication 
network wherein data processing required for generating, transmitting, and 
authenticating the user occur without data processing assistance from the connector 
(col. 8 line 45-65; col. 10 lines 1-35; Figure 5, and abstract, wherein the application 
server controls the functions of the smart card reader). 

As per claim 1 , Landry teaches a method for authenticating a user and securing 
an online transaction over a telephone comprising: a) connecting a smart card which 
comprises circuitry to produce a modulated voltage signal in a manner to produce an 
identification sequence stored on the card and associated with a specific person (col. 10 
lines 25-30; col. 5 lines 1-22; col. 6 lines 5-29; Figures 2,3; also col. 5 lines 13-35), b) 
connecting a telephone hand set to the same telephone line (Figures 2 and 3); c) 
connecting to an interactive voice response (IVR) serve on the telephone network by 
dialing an appropriate number on the handset (col. 5 lines 1-10); d) entering a pin 
number though the telephone handset by the specific person (col. 10 lines 15-45); and 
e) demodulating the identification sequence at the IVR and using the demodulated 
information sequence and the PIN to communicate with an authentication server and 
authentication the person (col. 8 line 45-65; col. 10 lines 1-35; Figure 5, and abstract). 
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However, at the time of the invention, Landry does not specifically teach a smart 
card which is complaint with ISO 7816 standards. However, as taught in the applicant's 
specification and also clamed, the ISO 7816 complaint smart cards are convention. For 
further reference, see Hohle at col. 4 lines 10-27. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include smart cards taht are compliant with the ISo 7816 standard. As seen, 
the ISO 7816 is a standard, and it would be beneficial to adopt to such a well known 
standard as it makes it more complaint to different systems so it will be more efficient 
also. 

However, at the time of the invention, Landry as modified by Hohle does not 
explicitly teach wherein a switch is used to send out a modulated signal. Having, using 
switches to activate certain sequences are well known in circuit design. Whether the 
switch connects the circuit to a ground or a voltage source to activate or deactivate a 
certfain function is a mere design choice. However, utilizing switches in circuits is well 
known in the art. For example, this is taught by Barber, such as in col. 1 line 55 to col. 2 
line 29). 

At the time of the invention, it would have been obvious to utilize circuit design to 
activate sending signals through a telephony line. One of ordinary skill in the art would 
have been motivated to perform such an addition to be able to control when signals are 
sent. Having this would allow more user control. 
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Claim 14 is rejected using the same basis of arguments used to reject claim 1 
above. A card reader connected to a telephone is taught throughout the reference, 
such as in Landry Figure 1a and 1b. It is inherent that a telephone is connected to a 
telephone line. An IVR server connected to the telephone line is taught throughout the 
reference, such as in Figures 1, 2, 3, and col. 5 lines 1-12. 

As per claim 23, Landry teaches wherein the card reader is further integrated into 
the telephone handset (col. 2 lines 45-68). 

1 1 . Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Landry, Hohle, and Barber as applied above ("Landry combination"), and further in view 
of Chang et al. US Patent No. 6,715,082 (hereinafter Chang). 

As per claim 2, Landry teaches a credit card number in col. 1 lines 25-29, which 
is a unique number. However, the Landry combination does not explicitly teach the use 
of one time keys on a smart card. These are well known in the art, as can be seen in 
Chang col. 2 lines10-25. 

At the time of the invention, it would have been obvious to include random one- 
time keys to be stored on smart cards. One of ordinary skill in the art would have been 
motivated to perform such an addition to increase security. This is taught by Chang in 
col. 2 lines 11-15. 
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As per claim 3, the one-time password taught by Chang in col. 2 lines 10-25 is a 
key used in a session. It is taught in Chang that this one time password/key is not 
transmitted to an authentication server, as it is only transmitted to an access server. 

Claim 15 is rejected using the same basis of arguments used to reject claim 2 

above. 

Claim 16 is rejected using the same basis of arguments used to reject claim 3 

above. 

12. Claims 4 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Landry, Hohle, Barber, and Chang as applied above, and further in view of Brinkmeyer 
et al. US Patent No. 5,619,573 (hereinafter Brink). 

As per claim 4, the Landry combination does not explicitly teach wherein the 
session key is a function of a previous key. However, this is taught by Brink, such as in 
col. 3 lines 60 to col. 4 line 25. This would be inherently known by an authentication 
server, as the authentication server needs to know the key in order to verify if it was 
valid or not. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include using a previously known key. One of ordinary skill in the art would 
have been motivated to perform such an addition to create more security. As they are 
one way functions, it would be extremely difficult to determine the previous keys unless 
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they were known. By using previous keys, it would increase security, as it would almost 
guarantee that the key was actually known by the user and the authentication server, 
and not a malicious middle man. 

Claim 17 is rejected using the same basis of arguments used to reject claim 14 

above. 

1 3. Claims 5-7 and 1 8-20 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Landry, Hohle, Barber, Chang, and Brink as applied above, and further in view of 
Bruce Schneier's Applied Cryptography, 2 nd Edition (1997), (hereinafter Schneier). 

As per claims 5-7, the claims recite the use of encryption keys, decryption, one- 
way functions and authentication. These are well known in the art, as taught throughout 
Schneier, such as in pages 28-42. Pin codes are taught throughout Landry and Kia, 
and it would be obvious to encrypt PIN's, because PIN contains sensitive information, 
which should never be sent in the clear. Further, it is common practice that 
authentication is valid if PIN's match a PIN stored in a database, (that's how PIN's or 
passwords work). Further, databases holding security information is taught throughout 
Kia, such as in col. 2 lines 14-20 and in col. 3 lines 15-24 and col. 4 lines 29-37. 

At the time of the invention, it would have been obvious to combine the teachings 
of Schneier with the Landry combination. One of ordinary skill in the art would have 
been motivated to perform such an addition to be able to provide a secure system. The 
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Landry combination is already directed to secure online transactions, and Schneier 
teaches the details of this. 

Claim 18-20, as best understood by the Examiner, are rejected using the same 
basis of arguments used to reject claims 507 above. 

14. Claims 21 -22 are rejected under 35 U.S.C. 1 03(a) as being obvious over the 
Landry combination as applied above. 

As per claim 21 , the claim recites wherein the smart card is powered by the 
voltage provided by the telephone line. It is well known in the art that telephones are 
powered by the power flowing from telephone lines. Since the Smart Card reader is 
attached to the telephone, as taught in Landry, it would have been obvious to power a 
smart card that is connected to the phone using the voltage provided by the phone, as 
this would reduce the amount of more power sources and voltage lines. Further, Landry 
teaches that the smart card may be powered by the telephone set, in col. 7 lines 50-54. 
As already discussed, many phones are powered by the telephone lines. 

As per claim 22, it is inherent that a smart card would transmit signals via 
contacts. Although the Landry combination does not explicitly teach ISO contacts, it 
would have been obvious to do so, if not inherent. As Landry already teaches utilizing 
contacts, it would have been obvious to utilize ISO contacts, as ISO contacts are well 
known in the art and used throughout industry. It would have been obvious incorporate 
ISO contacts for ease of use. 
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Conclusion 

1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JASON K. GEE whose telephone number is (571)272- 
6431 . The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2400 
10/28/2008 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



